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RECEIVED 
CENTRAL fiW< CENTER 

JUN 1 1 2008 



AMENDMENTS TO THE CLAIMS 



This listing of claims will replace all prior versions and listings of claims in the application. 
Listing of Claims: 



upon power-up of a computer, retrieving boot code and a certificate from a peripheral 
device coupled to the computer^ the certificate describing operation of the boot code for 
initializing the peripheral devic e, wherein the boot code is gener ated from a first programming. 
language, and wherein the certificate includes an annotation defining a p roof of security and 
safety for both (i) one or more blocks of code generated from a second progratmoing language 
different from the first programming language and fii^ one or more cotresponding blocks of the 
boot code resulting from translation of the one or mote blocks of the code of the second 
programmitig language i nto the first programming language: 

verifying, with the computer, security of the boot code associated with the peripheral 
device by performir^ a security check on the boot code in accordance with the certificate; and 

executing the boot code with the computer to (i) initialize the peripheral device based on 
a result of the security check and (ii) provide, subsequent to the initialization, an interface by 
which the computer controls operation of the peripheral device- 
Claim 2 (Original) The method of claim 1 . wherein verifying the security of the boot code 
mcludes verifying the boot code via Efficient Code Certification that specifies a process for 
performing the security check on the boot code as indicated by the certificate. 

Claim 3 (Original) The method of claim 1 , wherem the certificate further indicates a type of 
security check to perform. 



Claim 1 (Currently Amended) 



A method comprising: 
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Claim 4 (Original) The method of claim 3, wherein the type of security check comprises one 
of a security check to enforce type safety, a security check to enforce control flow safety, a 
security check to enforce memory safety, a security check to enforce stack safety, a security 
check to enforce device encapsulation and a security check to enforce prevention of specific 
forms of harm. 

Claim 5 (Original) The method of claim 1 , wherein the boot code includes boot firmware- 
Claim 6 (Original) The method of claim 5, wherein the boot firmware conforms to Open 
Firmware standard IEEE-1275. 

Claim 7 (Original) The method of claim I , wherein verifying the safety of the boot code 
occurs inline such that verifying the safety of the boot code occurs in real time prior to executing 
the boot code. 

Claim 8 (Original) The method of claim 1 , wherein the boot code includes boot code defining 
a device driver to initialize the peripheral device and define an application program interface for 
accessing and controlling the peripheral device. 

Claims 9 (Withdrawn) A method comprising: 

genemting a boot code for a peripheral device from a program written in a high-level 

programming language; 

gathering information while generating the boot code; and 

generating a certificate from information gathered while generatmg the boot code, 

wherein the certificate describes operation of the boot code. 
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Claim 10 (Withdrawn) The method of claiin 9, wherein generating the boot code 

comprises: 

compiling the program written in the high-level programming language into a bytecode; 
translating the bytecode into a program written in a low-level programming language; and 
tokenizing the program written in the low-level language into the boot code. 

Claim. 1 1 (Withdrawn) The method of claim 1 0, wherein gathering inforaiation while 
generating the boot code comprises gathering compilation information while compiling the 
program written in the high-level language into the bytecodc- 

Claim 12 (Withdrawn) The method of claim 1 1 , wherein the program written in the high- 
level language includes a call to a verification application program interface, which provides 
secure access to the peripheral device. 

Claim 1 3 (Withdrawn) The method of claim 1 0, wherein the low-level programming 
language includes Forth. 

Claim 14 (Withdrawn) The method of claim 9, wherein the high-level programming 
language includes one of Java, C-*^ and Visual Basic. 

Claim 15 (Withdrawn) The method of claim 9, wherein the boot code con^rises boot 
firmware. 

Claim 16 (Withdrawn) The method of claim 15, wherein the boot firmware conforms to 
Open Firmware standard IEEE-1275. 

Claim 17 (Withdrawn) The method of claim 9, jEurther comprising verifying security of the 
program written in the high-level programming language prior to generating the boot code, and 
wherein generating the boot code includes generating the boot code based on the result of 
verifying the security of the program written in the high-level programming language. 
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Claim 1 8 (Curretttly Amended) A device comprising: 

an interface to retrieve boot code and a certificate jfrom a peripheral device t^n power- 
up of the device , wherein the boot code is generated from a first prograroroing language, and 
wherein the certificate includes annotation information defining indepen dentlv verifiable proofs 
of security and safety of one or more blocks of code generated_fi:om a sec ond programming 
language different from the first OTOgnunming language; 

a memory module to store the boot code from the peripheral device; and 
a control unit to verify security of the boot code associated with the peripheral device by 
performing a security check on one or more blocks of t he boot code in accordance with fee_ 
annotation information of the frail certificate that dosoriboa operation of tho boot ood e, the 
control unit configured to execute the boot code to (i) initialize the peripheral device based on a 
result of the security check and (ii) provide, subsequent to the initialization, an interface by 
which the control unit controls operation of the peripheral device. 

Claim 1 9 (Original) The device of claim 1 8, wherein the control unit verifies the boot code 
using principles of Eificient Code Certification. 

Claim 20 (Original) The device of claim 1 8, wherein the certificate further indicates a ^e of 
security check to perform. 

Claim 21 (Original) The device of claim 20, wherein the type of security check comprise one 
of a security checks to enforce type safety^ a security check to enforce control flow safety, 
security checks to enforce memory safety, security checks to mforce stack safety, security checks 
to enforce device encapsulation and security checks to enforce prevention of specific forms of 
harm. 

Claim 22 (Original) The device of claim 18, wherein the boot code includes boot firmware. 

Claim 23 (Original) The device of claim 22, wherein the boot firmware conforms to Open 
Firmware standard IEEE-1275. 
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Claim 24 (Original) The device of claim 1 8, wherein the control unit verifies the safety of the 
boot code in real time prior to executing the boot code. 

Claim 25 (Origtoal) The device of claim 1 8, wherein the boot code defines a device driver to 
initialize the peripheral device and define an application program interface for accessing and 
controlling the peripheral device. 

Claim 26 (Withdrawn) A device comprising a control unit to generate a boot code for a 
peripheral device from a program written in a high-level programming language and generate a 
certificate from information gathered while generating the boot code, wherein the certificate 
describes operation of the boot code. 

Claim 27 (Withdrawn) The device of claim 26, wherein the control unit compiles the 
program written in the high-level programming language into a bytecode, translates the bytecode 
into a program written in a low-level programming language, and tokenizes the program wri tten 
in a loW'level language into the boot code. 

Claim 28 (Withdrawn) The device of claim 27, wherein the control unit generates the 
certificate from compilation information gathered by the control unit while the control unit 
compiles the program written in the high-level language into the bytecode. 

Claim 29 (Withdrawn)The device of claim 27, wherein the low-level programming language 
includes Forth. 

Claim 30 (Withdrawn) The device of claim 26. wherein the high-level programming 
language includes one of Java, C-H- and Visual Basic. 

Claim 3 1 (Withdmwn) The device of claim 26, wherein the boot code comprises boot 
firmware. 
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Claim 32 (Withdrawn) The device of claim 3 1 , wherein the boot firmware conforms to 
Open Firmware standard IEEE- 1275. 

Claim 33 (Withdrawn) The device of claim 26, wherein the program written in the high- 
level language includes a call to a verification application program interface, which provides 
secure access to the peripheral device. 

Claim 34 (Withdrawn) The device of claim 26, wherein the control unit verifies security of 
the prograin writt^ in the high-level programming language prior to generating the boot code 
and generates the boot code based on the result of the verification of the security of the program 
written in the high-level programming language. 

Claim 35 (Currently Amended) A system comprising: 

a peripheral device having a memory module, wherein the memory module stores a boot 

code and a certificate^ 

wherein the boot code is generated from a first programming language, and 

wherein the certificate includes an annotation defining a proof of securit v and safety for 

both (\) one or more blocks of code generated from a second programming language different. 

from the first programming language and (n\ one or m ore corresponding blocks of the boot code, 

and 

a computer having an interface to retrieve the boot code and the certificate firom the 
peripheral device, a second memory module and a control unit, wherein the control unit uses the 
interface to retrieve the boot code and the certificate fi-om the peripheral device and executes a 
verification module that verifies security of the boot code by performing a security check on the 
boot code to independently verify the proof represented bv th e annotation information of ifl- 
accordance ^vitb a the certificate that describes operation of the boot cod e, and 

wherein the control imit further executes the boot code based on a result of the security 
check to (1) initialize the peripheral device and (ii) provide, subsequent to the kitialization, an 
interface by which the control unit controls operation of the peripheral device, 
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Claim 36 (Original) The system of claim 35, wherein the control unit verifies the boot code 
using principles of Efficient Code Certt6cation. 

Claim 37 (Original) The system of claim 35, wherein the certificate further indicates a type of 
security check to perform. 

Claim 38 (Original) The system of claim 37, wherein the type of security check comprise one 
of a security check to enforce type safety, a security check to enforce control flow safety, a 
security check to enforce memory safety, a security check to enforce stack safety, a security 
check to enforce device encapsulation and a security check to enforce prevention of specific 
forms of harm. 

Claim 39 (Original) The system of claim 35» wherein the verification module verifies the safety 
of the boot code in real time prior to executing the boot code. 

Claim 40 (Original) The system of claim 35, wlierein the boot code defines a device driver to 
initialize the peripheral device and to define an application program interface for accessing and 
controlling the peripheral device. 

Claim 41 (Original) The system of claim 35, wherein the peripheral device comprises one of a 
graphic device, network controller and storage controller. 

Claim 42 (Withdrawn) A system comprising: 

a peripheral device having a memory module; and 

a control unit to generate a boot code from a program written in a high-level 
progranrniing language, generate a certificate from information gathered while generating the 
boot code, and load the boot code and the certificate into the memory module^ wherein the 
certificate describes operation of the boot code. 



-10- 

PAGE13»1'RCVDAT6/11/2008 5:03:38 PM[Eastem Da 



0G/11/2008 15:53 6517351102 



SHUMAKER & SIEFFRERT 



PAGE 14/31 



AppUcatton Number 10/656,75 1 
Amendment dated June 1 1 , 2008 
Response to Office Action mailed Febniary 1 1 , 2008 

Claim 43 (Withdbrawti) The system of claim 42, wherein the oontrol unit compiles the 
progranj written in the high-level programming language into a bytecode, translates the bytecode 
into a program witten in a low-level programming language, and tokenizes the program written 
in a low-level language into the boot code. 

Claim 44 (Withdrawn) The system of claim 43, wherein the control unit gathers 
compilation information while the control unit compiles the program written in the high-level 
language into the bytecode. 

Claim 45 (Withdrawn) The system of claim 44, whcrem the program written in the high- 
level language includes a call to a verification application program interface^ which provides 
secure access to the peripheral device. 

Claim 46 (Withdrawn) The system of claim 42, wherein the control unit verifies security 
of the program written in the high-level programming language prior to genemting the boot code 
and generates the boot code based on the result of the verification of the security of the program 
written in the high-level programming language. 
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Claim 47 (Ctirremly Amended) A computer-readable medium comprising instructions for 
causing a programmable processor to: 

retrieve boot code from a peripheral devic e, wherein the boot code is generated from a 
first programming language : 

store the boot code on a computer coupled to the peripheral device; 
verify security of the boot code associated with the peri pheral device by performing a security 
check on the boot code in accordance with a certificate that describes operation of the boot code^ 

wherein the certificate includes an annotation defining a proof of security and safety for 
both (i) one or more blocks of code genemted from a second programming language different 
from the first programming language and fii^ one or more corresponding blocks of the boot code 
resulting from translation of the one or more blo cks of the code of the second programming 
language into the first programming language : and 

execute the boot code based on a result of the security check to (i) initialize the peripheral 
device and (ii) provide, subsequent to the initialitation, an interface by which the progranraiable- 
processor controls operation of the peripheral device. 

ClEum 48 (Original) The computer-readable medium of claim 47, wherein the instructions for 
causing the programmable processor to verify the security of the boot code includes instructions 
to verify the boot code using principles of Efficient Code Certification. 

Claim 49 (Original) The computer-readable medixmn of claim 47, wherein the certificate fiirther 
indicates a type of security check to perform. 

Claim 50 (Original) The computer-readable medium of claim 49, wherein the type of security 
check comprise one of a security check to enforce one of type safety, a security check to enforce 
control flow safety, a security check to enforce memory safety, a security check to enforce stack 
safety, a security check to enforce device encapsulation and a security check to enforce 
prevention of specific forms of harm. 
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Claim 5 ! (Original) The computer-readable medium of claim 47, wherein the boot code 
includes boot finnware. 

Claim 52 (Ori ginal) The computer-readable medium of claim 5 U wherein the boot finnware 
conforms to Open Finnware standard IEEE-1275. 

Claim 53 (Original) The computer-readable medium of claim 47, wherein instruction causing 
the programmable processor to verify the safety of the boot code includes instructions causing 
the programmable processor to verify the safety of the boot code in real time prior to executing 
the boot code* 

Claim 54 (Original) The computer-readable medium of claim 47, wherein the boot code 
Includes boot code defining a device driver to initialize the peripheral device and to define an 
application program interface for accessing and controlling the peripheral device. 

Claim 55 (Withdrawn) A computer-readable medium comprising instructions for causing 
a programmable processor to: 

generate a boot code for a peripheral device from a propara written in a high-level 
programming language; and 

generate a certificate that describes operation of the boot code from information gathered 
while generating the boot code. 

Claim 56 (Withdrawn) The computer-readable medium of claim 55, wherein the 
instructions to generate the boot code comprises instructions to cause the programmable 
processor to: 

compile the program written in the high-level programming language into a bytecode; 
translate the bytecode into a program written in a low-level programming language; and 
tokenizc the program written in a low-level language into the boot code. 
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Claim 57 (Withdrawn) ITie computer-readable medium of claim 56, wherein information 
gathered while generating the boot code, further includes compilation information gathered vAiil^ 
compiling the program written in the high-level language into the bytecode. 

Claim 58 (Withdrawn) The computer-readable medium of claim 56, wherein the high- 
level programming language includes Java, C-H- and Visual Basic. 

Claim 59 (Withdrawn) The computer-readable medium of claim 56, wherein the low-level 
programming lai^age includes Forth. 

Claim 60 (Withdrawn) The computer-readable medium of claim 55, wherein the boot code 
comprises boot firmware. 

Claim 6 1 (Withdrawn) The computer-readable medium of claim 60, wherein the boot 
firmware conforms to Open Firmware standard IEEE- 1275. 

Claim 62 (Withdrawn) The computer-readable medium of claim 55, wherein the program 
written in the high-level language includes a call to a verification application program interface, 
which provides secure access to the peripheral device. 

Claim 63 (Withdrawn) The computer-readable medium of claim 55> further comprising 
instruction to cause the programmable processor to verify security of the program written m the 
high-Ievel programming language prior to generating the boot code and generating the boot code 
includes generating the boot code based on the result of verifying the security of the program 
written in the high-level programming language. 
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Claim 64 (Withdrawn) A method comprising: 

generatltig a boot code in the fcodc programtxiitig language for a peripheral device from a 
program written in the Java programming language; and 

generating a certificate from information gathered while generating the boot code, 
wherein the certificate describes operation of the boot code. 

Claim 65 (New) The method of cl aim 1 , 

wherein the first programming language comprises a non-object oriented programming 
language, and 

wherein the second programming language comprises an object oriented programming 
language. 

Claim 66 (New) The device of claim 1 8, 

wherein the first programming language comprises a non-object oriented programming 
language, and 

wherein the second programming language comprises an object oriented programming 
language. 

Claim 67 (New) The system of claim 35, 

wherein the first programming language comprises a non-object oriented programming 
language, and 

wherein the second programming language comprises an object oriented programming 
language. 

Claim 68 (New) The system of claim 35, wherein the one or more corresponding blocks of 
the boot code result &om translation of the one or more blocks of the code of the second 
programming language into the first programming language. 
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Claim 69 (New) The computer-readable medium of claim 47, 

wherein the first ][»x)gramming language comprises a non-object oriented programming 
language, and 

wherein the second programming language comprises an object oriented programming 
language. 
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